• Articles
    • Editorial Articles
    • Research Articles
    • WatchGuard Articles
  • Daily Security Bytes
  • The 443 Podcast
  • Threat Landscape
  • About
    • About Us
    • Contact Us
    • Contribute to Secplicity

Secplicity - Security Simplified

Powered by WatchGuard Technologies

WireLurker – WSWiR Episode 128

November 7, 2014 By Corey Nachreiner

Mega Patch Day, Password Hijack, and WireLurker

What new security updates do I need? Are attackers exploiting new zero day attacks that affect me? Should I be concerned with any new attack campaigns? What can I learn from the latest network breaches? If you’ve asked yourself these questions, but don’t have time to find the answers, this is the weekly video for you. In it, I summarize the biggest security news from the week and explore what we might learn from it.

Today’s episode talks about the upcoming humongous Microsoft Patch day, explores a password hijack that succeeded despite good security practices, and covers two major threats that affect Apple’s OS X and iOS devices. Watch the video for details, and check out the links below for other interesting stories.

Have a safe and fun weekend!

(Episode Runtime: 11:20)

Direct YouTube Link: https://www.youtube.com/watch?v=PXJ1t23K5hY

Episode References:

  • Expect a crazy big Microsoft Patch Tuesday next week – Microsoft
  • Very interesting password hack, despite good password practices – @gb on Ello
  • Rootpipe: Local elevation of privilege flaw in OS X Yosemite – Macworld
    • Video of Rootpipe in action – YouTube
  • WireLurker – New malware infects iOS devices via OS X – Seattle Times
    • Full research whitepaper on WireLurker [PDF] – Palo Alto
    • Apple updates mitigate WireLurker – ZDNet
    • UPDATE: WireLurker now affects Windows machines – CNR Onlinb

Extras:

  • Flaw found in “chip-n-pin” credit cards that allows million dollar fraudulent transactions – Wired
  • Alleged Silk Road 2.0 administrator arrested; site downed – Krebs on Security
    • Actually, multiple “Darkweb” market sites seized – DeepDotWeb
  • Five most Common FaceBook scam bait topics – Security Affairs
  • How can Verizon customers defeat their ISP’s super tracking cookie? VPN. – The Register
  • Detailed writeup on a buffer overflow found in a consumer Belkin router – Integrity Labs
  • Smuggler: Using 802.11 wireless traffic as a covert communication backchannel – Spider Labs
  • New phishing attack in Japan is even more advanced and stealthy – Softpedia
  • Chinese attacker allegedly attacking fracking firms for IP – Slashdot
  • More than half of home routers use the manufacturer’s default password – BetaNews
  • I’ve said it before, but MD5 is very dead (crypto weakness) – Ars Technica
  • Hilton Honor rewards points stolen via four pin brute force attack – The Register
  • Banks collaborate to launch cyber attack intelligence sharing (Soltra Edge) – Reuters
  • More watering hole attacks; popular music site redirects to exploit kit – Symantec
  • Web site links to all the insecure, default password IP webcams – Network World
  • Google paper on manual account hacking/hijacking [PDF] – Google
  • 158 malware variants born a minute (likely not new but recrypted variants) – The Register
  • Information Commissioner’s Office (ICO) suffered a SQL injection (SQLi) breach – v3.co.uk
  • A DHS “background check” contracter suffered a breach (chain-of-trust attack) – The Register
  • Backoff PoS malware continues to evolve – SC Magazine
  • Australian spear phishing campaign baits with fake speed trap fines – Naked Security
  • Also, E-Z Pass spear phishing campaigns target US drivers – Network World
  • Researchers say Apple’s iWorm fix is insufficient – Network World
  • Home Depot breach due to a chain-of-trust attack – Network World
  • China building “secure” private networks – Telegraph
  • US government wants more “hacking” powers – TechDirt
  • Speaking of social engineering, this is a good example – YouTube

— Corey Nachreiner, CISSP (@SecAdept)

Share This:

Related

Filed Under: Security Bytes Tagged With: Apple, Apple malware, hacker, Hacking, Infosec news, mac, password security, passwords, Software vulnerabilities, Updates and patches

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

The 443 Podcast

A weekly podcast featuring the leading white-hat hackers and security researchers. Listen Now
the 443 podcast

Threat Landscape

Filter and view Firebox Feed data by type of attack, region, country, and date range. View Now
threat landscape

Top Posts

  • USA’s Answer to GDPR
  • Rolling PWN
  • Hacker Summer Camp 2022

Email Newsletter

Sign up to get the latest security news and threat analysis delivered straight to your inbox

By signing up you agree to our Privacy Policy.


The views and opinions expressed on this website are those of the authors and do not necessarily reflect the policy or position of WatchGuard Technologies.

Stay in Touch

Recent Posts

  • Hacker Summer Camp 2022
  • Private Sector Offensive Actors
  • USA’s Answer to GDPR
  • Rolling PWN
  • Over a Billion Records Leaked in Shanghai National Police Database Hack
View All

Search

Archives

Copyright © 2022 WatchGuard Technologies · Cookie Policy · Privacy Policy · Terms of Use